Hello guys,

 

Does anybody have any ideas on the issues below?

 

Thanks,


Lenir

 

From: Lenir Santiago [mailto:le...@tristarcorp.net] 
Sent: Friday, May 01, 2009 2:34 PM
To: 'Users' Help and Suggestions'
Subject: OpenCA Post Install Questions

 

Guys, 

 

I have openCA up and running and I tried following Chapter 6 on the manual
(http://www.openca.org/~madwolf/ch06.html) as much as I could. 

I am very new to PKI so please bear with me.

 

My goal is to set up all the functionalities on one server. So after
the install, I did the following:

 

1) Open your web browser and go to: https://hostname.mycompany.com/pki/ca

 

2) Login and go to PKI Init & Config --> Initialization --> DB, Key and Cert
Init

 

3) Click on 'Initialize database'

 

4) Click on 'Generate new CA secret key' and use the default settings.

 

5) Copy the key from the screen and save it in a secure place.

 

6) Go to PKI Init & Config --> Initialization --> DB, Key and Cert Init

 

7) Click on 'Generate new CA Certificate Request (use generated secret key)'

 

Question: Does Common Name (e.g. Name Surname) need to be the hostname of
the openca server? Or is it the same as the company name?

This is what I filled in:

 

E-mail address (PKIX deprecated)            supp...@mycompany.com

Common Name (e.g. Name Surname)   hostname.mycompany.com

Organizational Unit Name (e.g. MyUnit)                My Company

Organization (e.g. OpenCA)                        My Company

Locality (e.g., Modena)                                 Miami

State/Province (e.g., NY)                              FL

ISO 3166 Country Code (e.g. IT, DE, US, ...)           US

 

8) Copy the certificate request from the screen and save it in a secure
place.

 

9) Go to PKI Init & Config --> Initialization --> DB, Key and Cert Init

 

10) Click on 'Self Signed CA Certificate (from altready generated request)'
and set the length of validity and email address.

 

11) Copy the certificate from the screen and save it in a secure place.

 

12) Go to PKI Init & Config --> Initialization --> DB, Key and Cert Init

 

13) Click on Rebuild CA Chain

 

Were my steps correct up to this point? If my steps were correct and I'm OK
up to this point.

 

At this point, on all of the interfaces (ca, ra, node, pub) the following
links don't work:

1) From the home page, when I click "Get CA Certificate", none of the
certificate links work, I get this error message for all the certificate
types:

The requested URL /pki/ca/cacert/cacert.crt was not found on this server.

 

2) From the home page, when I click "Request a Certificate", I get the
following error message:

Error 690

Configuration Error. Missing Configuration Keyword(s) : SupportedRequests.

 

3) From the home page, when I click "Certification Policies", I get the
following error message:

The requested URL /pki/ca/policy.html was not found on this server.

 

Now here comes the confusing part for me because it is not specific in the
online manual. According to Ch. 6, it is highly recommended that the first
certificates to be issued should be CA Operator and RA Operator. So my
questions are about what I should input on the "Certificate Details" page:

 

Certificate Request Group : Which request group should I use for the CA and
RA operator?

 

E-Mail   : Normally I fill in our supp...@mycompany.com email, is this
recommended?

User ID (if any) : normally I leave it blank, Should I use a user id?

 

Certificate Template : Here I choose CA Operator and RA Operator

Selected Registration Authority : Here I always choose TrustCenter Itself

 

Level of Assurance : I always choose Very High for CA and RA operators

Key Generation Mode : I always choose "Browser (Your Computer)", When should
I use "Server (Our Server)" as an option?

 

 

 

So after I create the certificates, I guess I'm supposed to install them to
Firefox and IE on my PC? If that's the case, then no problem. The next thing
is how do I request a certificate for the openca webserver? If the
certificate is for a web server, do I still have to specify my name, email,
etc. just like a certificate for a user? All of our servers are Ubuntu 8.04
running apache2, so how do I do this?

 

 

Thanks,

 

Lenir

 
